Not just take down the OS, but render the machine completely unbootable until a config file gets manually removed from the HD by starting in Safe Mode from the console.

It's not an "app", it's a kernel driver. A serious driver bug is catastrophic in nearly any OS.

Putting aside the semantic swamp of figuring out what an app actually refers to, this seems to be exactly the problem. They should have their signing keys revoked.